]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-ndisc.c
projects / thirdparty / systemd.git / blob
? search:


7889bfb19198fb5b56d28d51b2989a0a9c465225
[thirdparty/systemd.git] / src / network / networkd-ndisc.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2014 Intel Corporation. All rights reserved.
4 ***/
5
6 #include <netinet/icmp6.h>
7 #include <arpa/inet.h>
8
9 #include "sd-ndisc.h"
10
11 #include "missing_network.h"
12 #include "networkd-dhcp6.h"
13 #include "networkd-manager.h"
14 #include "networkd-ndisc.h"
15 #include "networkd-route.h"
16 #include "string-table.h"
17 #include "string-util.h"
18 #include "strv.h"
19
20 #define NDISC_DNSSL_MAX 64U
21 #define NDISC_RDNSS_MAX 64U
22 #define NDISC_PREFIX_LFT_MIN 7200U
23
24 #define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3
25
26 /* https://tools.ietf.org/html/rfc5453 */
27 /* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */
28
29 #define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } })
30 #define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8
31 #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } })
32 #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5
33 #define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } })
34 #define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7
35
36 #define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e)
37
38 static bool stableprivate_address_is_valid(const struct in6_addr *addr) {
39 assert(addr);
40
41 /* According to rfc4291, generated address should not be in the following ranges. */
42
43 if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0)
44 return false;
45
46 if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0)
47 return false;
48
49 if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0)
50 return false;
51
52 return true;
53 }
54
55 static int make_stableprivate_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr *addr) {
56 sd_id128_t secret_key;
57 struct siphash state;
58 uint64_t rid;
59 size_t l;
60 int r;
61
62 /* According to rfc7217 section 5.1
63 * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */
64
65 r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key);
66 if (r < 0)
67 return log_error_errno(r, "Failed to generate key: %m");
68
69 siphash24_init(&state, secret_key.bytes);
70
71 l = MAX(DIV_ROUND_UP(prefix_len, 8), 8);
72 siphash24_compress(prefix, l, &state);
73 siphash24_compress(link->ifname, strlen(link->ifname), &state);
74 siphash24_compress(&link->mac, sizeof(struct ether_addr), &state);
75 siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
76
77 rid = htole64(siphash24_finalize(&state));
78
79 memcpy(addr->s6_addr, prefix->s6_addr, l);
80 memcpy(addr->s6_addr + l, &rid, 16 - l);
81
82 return 0;
83 }
84
85 static int ndisc_netlink_route_message_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
86 int r;
87
88 assert(link);
89 assert(link->ndisc_messages > 0);
90
91 link->ndisc_messages--;
92
93 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
94 return 1;
95
96 r = sd_netlink_message_get_errno(m);
97 if (r < 0 && r != -EEXIST) {
98 log_link_message_error_errno(link, m, r, "Could not set NDisc route or address");
99 link_enter_failed(link);
100 return 1;
101 }
102
103 if (link->ndisc_messages == 0) {
104 link->ndisc_configured = true;
105 r = link_request_set_routes(link);
106 if (r < 0) {
107 link_enter_failed(link);
108 return 1;
109 }
110 link_check_ready(link);
111 }
112
113 return 1;
114 }
115
116 static int ndisc_netlink_address_message_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
117 int r;
118
119 assert(link);
120 assert(link->ndisc_messages > 0);
121
122 link->ndisc_messages--;
123
124 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
125 return 1;
126
127 r = sd_netlink_message_get_errno(m);
128 if (r < 0 && r != -EEXIST) {
129 log_link_message_error_errno(link, m, r, "Could not set NDisc route or address");
130 link_enter_failed(link);
131 return 1;
132 } else if (r >= 0)
133 (void) manager_rtnl_process_address(rtnl, m, link->manager);
134
135 if (link->ndisc_messages == 0) {
136 link->ndisc_configured = true;
137 r = link_request_set_routes(link);
138 if (r < 0) {
139 link_enter_failed(link);
140 return 1;
141 }
142 link_check_ready(link);
143 }
144
145 return 1;
146 }
147
148 static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
149 _cleanup_(route_freep) Route *route = NULL;
150 union in_addr_union gateway;
151 uint16_t lifetime;
152 unsigned preference;
153 uint32_t mtu;
154 usec_t time_now;
155 int r;
156 Address *address;
157 Iterator i;
158
159 assert(link);
160 assert(rt);
161
162 r = sd_ndisc_router_get_lifetime(rt, &lifetime);
163 if (r < 0)
164 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
165
166 if (lifetime == 0) /* not a default router */
167 return 0;
168
169 r = sd_ndisc_router_get_address(rt, &gateway.in6);
170 if (r < 0)
171 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
172
173 SET_FOREACH(address, link->addresses, i) {
174 if (address->family != AF_INET6)
175 continue;
176 if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) {
177 _cleanup_free_ char *buffer = NULL;
178
179 (void) in_addr_to_string(AF_INET6, &address->in_addr, &buffer);
180 log_link_debug(link, "No NDisc route added, gateway %s matches local address",
181 strnull(buffer));
182 return 0;
183 }
184 }
185
186 SET_FOREACH(address, link->addresses_foreign, i) {
187 if (address->family != AF_INET6)
188 continue;
189 if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) {
190 _cleanup_free_ char *buffer = NULL;
191
192 (void) in_addr_to_string(AF_INET6, &address->in_addr, &buffer);
193 log_link_debug(link, "No NDisc route added, gateway %s matches local address",
194 strnull(buffer));
195 return 0;
196 }
197 }
198
199 r = sd_ndisc_router_get_preference(rt, &preference);
200 if (r < 0)
201 return log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
202
203 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
204 if (r < 0)
205 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
206
207 r = sd_ndisc_router_get_mtu(rt, &mtu);
208 if (r == -ENODATA)
209 mtu = 0;
210 else if (r < 0)
211 return log_link_warning_errno(link, r, "Failed to get default router MTU from RA: %m");
212
213 r = route_new(&route);
214 if (r < 0)
215 return log_link_error_errno(link, r, "Could not allocate route: %m");
216
217 route->family = AF_INET6;
218 route->table = link_get_ipv6_accept_ra_route_table(link);
219 route->priority = link->network->dhcp6_route_metric;
220 route->protocol = RTPROT_RA;
221 route->pref = preference;
222 route->gw = gateway;
223 route->lifetime = time_now + lifetime * USEC_PER_SEC;
224 route->mtu = mtu;
225
226 r = route_configure(route, link, ndisc_netlink_route_message_handler);
227 if (r < 0) {
228 log_link_warning_errno(link, r, "Could not set default route: %m");
229 link_enter_failed(link);
230 return r;
231 }
232 if (r > 0)
233 link->ndisc_messages++;
234
235 Route *route_gw;
236 LIST_FOREACH(routes, route_gw, link->network->static_routes) {
237 if (!route_gw->gateway_from_dhcp)
238 continue;
239
240 if (route_gw->family != AF_INET6)
241 continue;
242
243 route_gw->gw = gateway;
244
245 r = route_configure(route_gw, link, ndisc_netlink_route_message_handler);
246 if (r < 0) {
247 log_link_error_errno(link, r, "Could not set gateway: %m");
248 link_enter_failed(link);
249 return r;
250 }
251 if (r > 0)
252 link->ndisc_messages++;
253 }
254
255 return 0;
256 }
257
258 static int ndisc_router_generate_addresses(Link *link, unsigned prefixlen, uint32_t lifetime_preferred, Address *address, Set **ret) {
259 _cleanup_set_free_free_ Set *addresses = NULL;
260 struct in6_addr addr;
261 IPv6Token *j;
262 Iterator i;
263 int r;
264
265 assert(link);
266 assert(address);
267 assert(ret);
268
269 addresses = set_new(&address_hash_ops);
270 if (!addresses)
271 return log_oom();
272
273 addr = address->in_addr.in6;
274 ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i) {
275 bool have_address = false;
276 _cleanup_(address_freep) Address *new_address = NULL;
277
278 r = address_new(&new_address);
279 if (r < 0)
280 return log_oom();
281
282 *new_address = *address;
283
284 if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
285 && memcmp(&j->prefix, &addr, FAMILY_ADDRESS_SIZE(address->family)) == 0) {
286 /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
287 does not actually attempt Duplicate Address Detection; the counter will be incremented
288 only when the address generation algorithm produces an invalid address, and the loop
289 may exit with an address which ends up being unusable due to duplication on the link.
290 */
291 for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
292 r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &new_address->in_addr.in6);
293 if (r < 0)
294 break;
295
296 if (stableprivate_address_is_valid(&new_address->in_addr.in6)) {
297 have_address = true;
298 break;
299 }
300 }
301 } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) {
302 memcpy(new_address->in_addr.in6.s6_addr + 8, j->prefix.s6_addr + 8, 8);
303 have_address = true;
304 }
305
306 if (have_address) {
307 new_address->prefixlen = prefixlen;
308 new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
309 new_address->cinfo.ifa_prefered = lifetime_preferred;
310
311 r = set_put(addresses, new_address);
312 if (r < 0)
313 return log_link_warning_errno(link, r, "Failed to store address: %m");
314 TAKE_PTR(new_address);
315 }
316 }
317
318 /* fall back to EUI-64 if no tokens provided addresses */
319 if (set_isempty(addresses)) {
320 _cleanup_(address_freep) Address *new_address = NULL;
321
322 r = address_new(&new_address);
323 if (r < 0)
324 return log_oom();
325
326 *new_address = *address;
327
328 r = generate_ipv6_eui_64_address(link, &new_address->in_addr.in6);
329 if (r < 0)
330 return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m");
331
332 new_address->prefixlen = prefixlen;
333 new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
334 new_address->cinfo.ifa_prefered = lifetime_preferred;
335
336 r = set_put(addresses, new_address);
337 if (r < 0)
338 return log_link_warning_errno(link, r, "Failed to store address: %m");
339 TAKE_PTR(new_address);
340 }
341
342 *ret = TAKE_PTR(addresses);
343
344 return 0;
345 }
346
347 static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
348 uint32_t lifetime_valid, lifetime_preferred, lifetime_remaining;
349 _cleanup_set_free_free_ Set *addresses = NULL;
350 _cleanup_(address_freep) Address *address = NULL;
351 unsigned prefixlen;
352 usec_t time_now;
353 Address *existing_address, *a;
354 Iterator i;
355 int r;
356
357 assert(link);
358 assert(rt);
359
360 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
361 if (r < 0)
362 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
363
364 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
365 if (r < 0)
366 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
367
368 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid);
369 if (r < 0)
370 return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");
371
372 r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred);
373 if (r < 0)
374 return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m");
375
376 /* The preferred lifetime is never greater than the valid lifetime */
377 if (lifetime_preferred > lifetime_valid)
378 return 0;
379
380 r = address_new(&address);
381 if (r < 0)
382 return log_link_error_errno(link, r, "Could not allocate address: %m");
383
384 address->family = AF_INET6;
385 r = sd_ndisc_router_prefix_get_address(rt, &address->in_addr.in6);
386 if (r < 0)
387 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
388
389 r = ndisc_router_generate_addresses(link, prefixlen, lifetime_preferred, address, &addresses);
390 if (r < 0)
391 return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m");
392
393 SET_FOREACH(a, addresses, i) {
394 /* see RFC4862 section 5.5.3.e */
395 r = address_get(link, a->family, &a->in_addr, a->prefixlen, &existing_address);
396 if (r > 0) {
397 lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC;
398 if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining)
399 a->cinfo.ifa_valid = lifetime_valid;
400 else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN)
401 a->cinfo.ifa_valid = lifetime_remaining;
402 else
403 a->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN;
404 } else if (lifetime_valid > 0)
405 a->cinfo.ifa_valid = lifetime_valid;
406 else
407 return 0; /* see RFC4862 section 5.5.3.d */
408
409 if (a->cinfo.ifa_valid == 0)
410 continue;
411
412 r = address_configure(a, link, ndisc_netlink_address_message_handler, true);
413 if (r < 0) {
414 log_link_warning_errno(link, r, "Could not set SLAAC address: %m");
415 link_enter_failed(link);
416 return r;
417 }
418
419 if (r > 0)
420 link->ndisc_messages++;
421 }
422
423 return 0;
424 }
425
426 static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
427 _cleanup_(route_freep) Route *route = NULL;
428 usec_t time_now;
429 uint32_t lifetime;
430 unsigned prefixlen;
431 int r;
432
433 assert(link);
434 assert(rt);
435
436 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
437 if (r < 0)
438 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
439
440 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
441 if (r < 0)
442 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
443
444 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime);
445 if (r < 0)
446 return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m");
447
448 r = route_new(&route);
449 if (r < 0)
450 return log_link_error_errno(link, r, "Could not allocate route: %m");
451
452 route->family = AF_INET6;
453 route->table = link_get_ipv6_accept_ra_route_table(link);
454 route->priority = link->network->dhcp6_route_metric;
455 route->protocol = RTPROT_RA;
456 route->flags = RTM_F_PREFIX;
457 route->dst_prefixlen = prefixlen;
458 route->lifetime = time_now + lifetime * USEC_PER_SEC;
459
460 r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6);
461 if (r < 0)
462 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
463
464 r = route_configure(route, link, ndisc_netlink_route_message_handler);
465 if (r < 0) {
466 log_link_warning_errno(link, r, "Could not set prefix route: %m");
467 link_enter_failed(link);
468 return r;
469 }
470 if (r > 0)
471 link->ndisc_messages++;
472
473 return 0;
474 }
475
476 static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
477 _cleanup_(route_freep) Route *route = NULL;
478 struct in6_addr gateway;
479 uint32_t lifetime;
480 unsigned preference, prefixlen;
481 usec_t time_now;
482 int r;
483
484 assert(link);
485
486 r = sd_ndisc_router_route_get_lifetime(rt, &lifetime);
487 if (r < 0)
488 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
489
490 if (lifetime == 0)
491 return 0;
492
493 r = sd_ndisc_router_get_address(rt, &gateway);
494 if (r < 0)
495 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
496
497 r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen);
498 if (r < 0)
499 return log_link_warning_errno(link, r, "Failed to get route prefix length: %m");
500
501 r = sd_ndisc_router_route_get_preference(rt, &preference);
502 if (r < 0)
503 return log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
504
505 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
506 if (r < 0)
507 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
508
509 r = route_new(&route);
510 if (r < 0)
511 return log_link_error_errno(link, r, "Could not allocate route: %m");
512
513 route->family = AF_INET6;
514 route->table = link_get_ipv6_accept_ra_route_table(link);
515 route->priority = link->network->dhcp6_route_metric;
516 route->protocol = RTPROT_RA;
517 route->pref = preference;
518 route->gw.in6 = gateway;
519 route->dst_prefixlen = prefixlen;
520 route->lifetime = time_now + lifetime * USEC_PER_SEC;
521
522 r = sd_ndisc_router_route_get_address(rt, &route->dst.in6);
523 if (r < 0)
524 return log_link_error_errno(link, r, "Failed to get route address: %m");
525
526 r = route_configure(route, link, ndisc_netlink_route_message_handler);
527 if (r < 0) {
528 log_link_warning_errno(link, r, "Could not set additional route: %m");
529 link_enter_failed(link);
530 return r;
531 }
532 if (r > 0)
533 link->ndisc_messages++;
534
535 return 0;
536 }
537
538 static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) {
539 siphash24_compress(&x->address, sizeof(x->address), state);
540 }
541
542 static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) {
543 return memcmp(&a->address, &b->address, sizeof(a->address));
544 }
545
546 DEFINE_PRIVATE_HASH_OPS(ndisc_rdnss_hash_ops, NDiscRDNSS, ndisc_rdnss_hash_func, ndisc_rdnss_compare_func);
547
548 static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
549 uint32_t lifetime;
550 const struct in6_addr *a;
551 usec_t time_now;
552 int i, n, r;
553
554 assert(link);
555 assert(rt);
556
557 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
558 if (r < 0)
559 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
560
561 r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime);
562 if (r < 0)
563 return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
564
565 n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
566 if (n < 0)
567 return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
568
569 for (i = 0; i < n; i++) {
570 _cleanup_free_ NDiscRDNSS *x = NULL;
571 NDiscRDNSS d = {
572 .address = a[i],
573 }, *y;
574
575 if (lifetime == 0) {
576 (void) set_remove(link->ndisc_rdnss, &d);
577 link_dirty(link);
578 continue;
579 }
580
581 y = set_get(link->ndisc_rdnss, &d);
582 if (y) {
583 y->valid_until = time_now + lifetime * USEC_PER_SEC;
584 continue;
585 }
586
587 ndisc_vacuum(link);
588
589 if (set_size(link->ndisc_rdnss) >= NDISC_RDNSS_MAX) {
590 log_link_warning(link, "Too many RDNSS records per link, ignoring.");
591 continue;
592 }
593
594 x = new(NDiscRDNSS, 1);
595 if (!x)
596 return log_oom();
597
598 *x = (NDiscRDNSS) {
599 .address = a[i],
600 .valid_until = time_now + lifetime * USEC_PER_SEC,
601 };
602
603 r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x));
604 if (r < 0)
605 return log_oom();
606 assert(r > 0);
607
608 link_dirty(link);
609 }
610
611 return 0;
612 }
613
614 static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) {
615 siphash24_compress(NDISC_DNSSL_DOMAIN(x), strlen(NDISC_DNSSL_DOMAIN(x)), state);
616 }
617
618 static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) {
619 return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b));
620 }
621
622 DEFINE_PRIVATE_HASH_OPS(ndisc_dnssl_hash_ops, NDiscDNSSL, ndisc_dnssl_hash_func, ndisc_dnssl_compare_func);
623
624 static void ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
625 _cleanup_strv_free_ char **l = NULL;
626 uint32_t lifetime;
627 usec_t time_now;
628 char **i;
629 int r;
630
631 assert(link);
632 assert(rt);
633
634 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
635 if (r < 0) {
636 log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
637 return;
638 }
639
640 r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime);
641 if (r < 0) {
642 log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
643 return;
644 }
645
646 r = sd_ndisc_router_dnssl_get_domains(rt, &l);
647 if (r < 0) {
648 log_link_warning_errno(link, r, "Failed to get RDNSS addresses: %m");
649 return;
650 }
651
652 STRV_FOREACH(i, l) {
653 _cleanup_free_ NDiscDNSSL *s;
654 NDiscDNSSL *x;
655
656 s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*i) + 1);
657 if (!s) {
658 log_oom();
659 return;
660 }
661
662 strcpy(NDISC_DNSSL_DOMAIN(s), *i);
663
664 if (lifetime == 0) {
665 (void) set_remove(link->ndisc_dnssl, s);
666 link_dirty(link);
667 continue;
668 }
669
670 x = set_get(link->ndisc_dnssl, s);
671 if (x) {
672 x->valid_until = time_now + lifetime * USEC_PER_SEC;
673 continue;
674 }
675
676 ndisc_vacuum(link);
677
678 if (set_size(link->ndisc_dnssl) >= NDISC_DNSSL_MAX) {
679 log_link_warning(link, "Too many DNSSL records per link, ignoring.");
680 continue;
681 }
682
683 s->valid_until = time_now + lifetime * USEC_PER_SEC;
684
685 r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s));
686 if (r < 0) {
687 log_oom();
688 return;
689 }
690 assert(r > 0);
691
692 link_dirty(link);
693 }
694 }
695
696 static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
697 int r;
698
699 assert(link);
700 assert(link->network);
701 assert(rt);
702
703 r = sd_ndisc_router_option_rewind(rt);
704 for (;;) {
705 uint8_t type;
706
707 if (r < 0)
708 return log_link_warning_errno(link, r, "Failed to iterate through options: %m");
709 if (r == 0) /* EOF */
710 break;
711
712 r = sd_ndisc_router_option_get_type(rt, &type);
713 if (r < 0)
714 return log_link_warning_errno(link, r, "Failed to get RA option type: %m");
715
716 switch (type) {
717
718 case SD_NDISC_OPTION_PREFIX_INFORMATION: {
719 union in_addr_union a;
720 uint8_t flags;
721
722 r = sd_ndisc_router_prefix_get_address(rt, &a.in6);
723 if (r < 0)
724 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
725
726 if (set_contains(link->network->ndisc_black_listed_prefix, &a.in6)) {
727 if (DEBUG_LOGGING) {
728 _cleanup_free_ char *b = NULL;
729
730 (void) in_addr_to_string(AF_INET6, &a, &b);
731 log_link_debug(link, "Prefix '%s' is black listed, ignoring", strna(b));
732 }
733
734 break;
735 }
736
737 r = sd_ndisc_router_prefix_get_flags(rt, &flags);
738 if (r < 0)
739 return log_link_warning_errno(link, r, "Failed to get RA prefix flags: %m");
740
741 if (link->network->ipv6_accept_ra_use_onlink_prefix &&
742 FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK))
743 (void) ndisc_router_process_onlink_prefix(link, rt);
744
745 if (link->network->ipv6_accept_ra_use_autonomous_prefix &&
746 FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO))
747 (void) ndisc_router_process_autonomous_prefix(link, rt);
748
749 break;
750 }
751
752 case SD_NDISC_OPTION_ROUTE_INFORMATION:
753 (void) ndisc_router_process_route(link, rt);
754 break;
755
756 case SD_NDISC_OPTION_RDNSS:
757 if (link->network->ipv6_accept_ra_use_dns)
758 (void) ndisc_router_process_rdnss(link, rt);
759 break;
760
761 case SD_NDISC_OPTION_DNSSL:
762 if (link->network->ipv6_accept_ra_use_dns)
763 (void) ndisc_router_process_dnssl(link, rt);
764 break;
765 }
766
767 r = sd_ndisc_router_option_next(rt);
768 }
769
770 return 0;
771 }
772
773 static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
774 uint64_t flags;
775 int r;
776
777 assert(link);
778 assert(link->network);
779 assert(link->manager);
780 assert(rt);
781
782 r = sd_ndisc_router_get_flags(rt, &flags);
783 if (r < 0)
784 return log_link_warning_errno(link, r, "Failed to get RA flags: %m");
785
786 if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER) && link->network->ipv6_accept_ra_start_dhcp6_client)) {
787
788 if (link->network->ipv6_accept_ra_start_dhcp6_client == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS)
789 r = dhcp6_request_address(link, false);
790 else
791 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */
792 r = dhcp6_request_address(link, !(flags & ND_RA_FLAG_MANAGED));
793
794 if (r < 0 && r != -EBUSY)
795 log_link_warning_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m");
796 else {
797 log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request");
798 r = 0;
799 }
800 }
801
802 (void) ndisc_router_process_default(link, rt);
803 (void) ndisc_router_process_options(link, rt);
804
805 return r;
806 }
807
808 static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event event, sd_ndisc_router *rt, void *userdata) {
809 Link *link = userdata;
810
811 assert(link);
812
813 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
814 return;
815
816 switch (event) {
817
818 case SD_NDISC_EVENT_ROUTER:
819 (void) ndisc_router_handler(link, rt);
820 break;
821
822 case SD_NDISC_EVENT_TIMEOUT:
823 link->ndisc_configured = true;
824 link_check_ready(link);
825
826 break;
827 default:
828 log_link_warning(link, "IPv6 Neighbor Discovery unknown event: %d", event);
829 }
830 }
831
832 int ndisc_configure(Link *link) {
833 int r;
834
835 assert(link);
836
837 r = sd_ndisc_new(&link->ndisc);
838 if (r < 0)
839 return r;
840
841 r = sd_ndisc_attach_event(link->ndisc, NULL, 0);
842 if (r < 0)
843 return r;
844
845 r = sd_ndisc_set_mac(link->ndisc, &link->mac);
846 if (r < 0)
847 return r;
848
849 r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex);
850 if (r < 0)
851 return r;
852
853 r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link);
854 if (r < 0)
855 return r;
856
857 return 0;
858 }
859
860 void ndisc_vacuum(Link *link) {
861 NDiscRDNSS *r;
862 NDiscDNSSL *d;
863 Iterator i;
864 usec_t time_now;
865
866 assert(link);
867
868 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
869
870 time_now = now(clock_boottime_or_monotonic());
871
872 SET_FOREACH(r, link->ndisc_rdnss, i)
873 if (r->valid_until < time_now) {
874 free(set_remove(link->ndisc_rdnss, r));
875 link_dirty(link);
876 }
877
878 SET_FOREACH(d, link->ndisc_dnssl, i)
879 if (d->valid_until < time_now) {
880 free(set_remove(link->ndisc_dnssl, d));
881 link_dirty(link);
882 }
883 }
884
885 void ndisc_flush(Link *link) {
886 assert(link);
887
888 /* Removes all RDNSS and DNSSL entries, without exception */
889
890 link->ndisc_rdnss = set_free_free(link->ndisc_rdnss);
891 link->ndisc_dnssl = set_free_free(link->ndisc_dnssl);
892 }
893
894 int ipv6token_new(IPv6Token **ret) {
895 IPv6Token *p;
896
897 p = new(IPv6Token, 1);
898 if (!p)
899 return -ENOMEM;
900
901 *p = (IPv6Token) {
902 .address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE,
903 };
904
905 *ret = TAKE_PTR(p);
906
907 return 0;
908 }
909
910 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
911 ipv6_token_hash_ops,
912 void,
913 trivial_hash_func,
914 trivial_compare_func,
915 IPv6Token,
916 free);
917
918 int config_parse_ndisc_black_listed_prefix(
919 const char *unit,
920 const char *filename,
921 unsigned line,
922 const char *section,
923 unsigned section_line,
924 const char *lvalue,
925 int ltype,
926 const char *rvalue,
927 void *data,
928 void *userdata) {
929
930 Network *network = data;
931 const char *p;
932 int r;
933
934 assert(filename);
935 assert(lvalue);
936 assert(rvalue);
937 assert(data);
938
939 if (isempty(rvalue)) {
940 network->ndisc_black_listed_prefix = set_free_free(network->ndisc_black_listed_prefix);
941 return 0;
942 }
943
944 for (p = rvalue;;) {
945 _cleanup_free_ char *n = NULL;
946 _cleanup_free_ struct in6_addr *a = NULL;
947 union in_addr_union ip;
948
949 r = extract_first_word(&p, &n, NULL, 0);
950 if (r < 0) {
951 log_syntax(unit, LOG_ERR, filename, line, r,
952 "Failed to parse NDISC black listed prefix, ignoring assignment: %s",
953 rvalue);
954 return 0;
955 }
956 if (r == 0)
957 return 0;
958
959 r = in_addr_from_string(AF_INET6, n, &ip);
960 if (r < 0) {
961 log_syntax(unit, LOG_ERR, filename, line, r,
962 "NDISC black listed prefix is invalid, ignoring assignment: %s", n);
963 continue;
964 }
965
966 if (set_contains(network->ndisc_black_listed_prefix, &ip.in6))
967 continue;
968
969 a = newdup(struct in6_addr, &ip.in6, 1);
970 if (!a)
971 return log_oom();
972
973 r = set_ensure_consume(&network->ndisc_black_listed_prefix, &in6_addr_hash_ops, TAKE_PTR(a));
974 if (r < 0)
975 return log_oom();
976 }
977
978 return 0;
979 }
980
981 int config_parse_address_generation_type(
982 const char *unit,
983 const char *filename,
984 unsigned line,
985 const char *section,
986 unsigned section_line,
987 const char *lvalue,
988 int ltype,
989 const char *rvalue,
990 void *data,
991 void *userdata) {
992
993 _cleanup_free_ IPv6Token *token = NULL;
994 union in_addr_union buffer;
995 Network *network = data;
996 const char *p;
997 int r;
998
999 assert(filename);
1000 assert(lvalue);
1001 assert(rvalue);
1002 assert(data);
1003
1004 if (isempty(rvalue)) {
1005 network->ipv6_tokens = ordered_hashmap_free(network->ipv6_tokens);
1006 return 0;
1007 }
1008
1009 r = ipv6token_new(&token);
1010 if (r < 0)
1011 return log_oom();
1012
1013 if ((p = startswith(rvalue, "static:")))
1014 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
1015 else if ((p = startswith(rvalue, "prefixstable:")))
1016 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE;
1017 else {
1018 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
1019 p = rvalue;
1020 }
1021
1022 r = in_addr_from_string(AF_INET6, p, &buffer);
1023 if (r < 0) {
1024 log_syntax(unit, LOG_ERR, filename, line, r,
1025 "Failed to parse IPv6 %s, ignoring: %s", lvalue, rvalue);
1026 return 0;
1027 }
1028
1029 if (in_addr_is_null(AF_INET6, &buffer)) {
1030 log_syntax(unit, LOG_ERR, filename, line, 0,
1031 "IPv6 %s cannot be the ANY address, ignoring: %s", lvalue, rvalue);
1032 return 0;
1033 }
1034
1035 token->prefix = buffer.in6;
1036
1037 r = ordered_hashmap_ensure_allocated(&network->ipv6_tokens, &ipv6_token_hash_ops);
1038 if (r < 0)
1039 return log_oom();
1040
1041 r = ordered_hashmap_put(network->ipv6_tokens, &token->prefix, token);
1042 if (r < 0) {
1043 log_syntax(unit, LOG_ERR, filename, line, r,
1044 "Failed to store IPv6 token '%s'", rvalue);
1045 return 0;
1046 }
1047
1048 TAKE_PTR(token);
1049
1050 return 0;
1051 }
1052
1053 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client,
1054 "Failed to parse DHCPv6Client= setting")
1055 static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = {
1056 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no",
1057 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always",
1058 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes",
1059 };
1060
1061 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES);
Unnamed repository; edit this file 'description' to name the repository.